Mattermost 5.38 and earlier versions fail to sufficiently sanitize clipboard contents, which allows a malicious user, with user assistance, to inject arbitrary web script in product deployments that explicitly disable the default CSP.
Vulnerable Product |
---|
mattermost mattermost |